Last active 1 month ago

Revision dacef75254b055fe2f878992794236673aa431c5

gistfile1.txt Raw
1# ============================================
2# Remove peers from WireGuard
3# ============================================
4
5function cmd::group::rm_peers() {
6 local name="" force=false
7
8 while [[ $# -gt 0 ]]; do
9 case "$1" in
10 --name) util::require_flag "--name" "${2:-}" || return 1; name="$2"; shift 2 ;;
11 --force) force=true; shift ;;
12 --help) cmd::group::help; return ;;
13 *) log::error "Unknown flag: $1"; return 1 ;;
14 esac
15 done
16
17 [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
18 group::require_exists "$name" || return 1
19
20 local peers_list=()
21 mapfile -t peers_list < <(group::peers "$name")
22 local peer_count=${#peers_list[@]}
23 [[ -z "${peers_list[0]:-}" ]] && peer_count=0
24
25 if [[ "$peer_count" -eq 0 ]]; then
26 log::wg_warning "Group '${name}' has no peers"
27 return 0
28 fi
29
30 if ! $force; then
31 read -r -p "Remove all ${peer_count} peers in group '${name}' from WireGuard? [y/N] " confirm
32 case "$confirm" in
33 [yY][eE][sS]|[yY]) ;;
34 *) log::info "Aborted"; return 0 ;;
35 esac
36 fi
37
38 load_command remove
39 group::each_peer "$name" cmd::group::_rm_peer_cb
40 log::wg_success "Removed peers from group '${name}' (definition kept)"
41}
42
43function cmd::group::_rm_peer_cb() {
44 local peer_name="${1:-}"
45 if ! group::_peer_exists_check "$peer_name"; then
46 log::wg_warning "Peer '${peer_name}' no longer exists — skipping"
47 return 0
48 fi
49 cmd::remove::run --name "$peer_name" --force
50}
51
52# ============================================
53# Block / Unblock
54# ============================================
55
56function cmd::group::block() {
57 local name="" force=false
58
59 while [[ $# -gt 0 ]]; do
60 case "$1" in
61 --name) util::require_flag "--name" "${2:-}" || return 1; name="$2"; shift 2 ;;
62 --force) force=true; shift ;;
63 --help) cmd::group::help; return ;;
64 *) log::error "Unknown flag: $1"; return 1 ;;
65 esac
66 done
67
68 [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
69 group::require_exists "$name" || return 1
70
71 local peers_list=()
72 mapfile -t peers_list < <(group::peers "$name")
73
74 if [[ ${#peers_list[@]} -eq 0 ]] || [[ -z "${peers_list[0]:-}" ]]; then
75 log::wg_warning "Group '${name}' has no peers"
76 return 0
77 fi
78
79 local count=0 skipped=0 blocked_names=()
80 local filtered=()
81 for p in "${peers_list[@]:-}"; do
82 [[ -n "$p" ]] && filtered+=("$p")
83 done
84 [[ ${#filtered[@]} -eq 0 ]] && log::wg_warning "Group '${name}' has no peers" && return 0
85
86 for peer_name in "${filtered[@]}"; do
87 if cmd::group::_block_peer "$peer_name" "$name"; then
88 (( count++ )) || true
89 else
90 (( skipped++ )) || true
91 fi
92 done
93
94 if [[ "$count" -gt 0 ]]; then
95 log::wg_block "All peers from ${name} have been blocked (${count} peers)."
96 fi
97
98 if [[ "$skipped" -gt 0 ]]; then
99 log::wg_warning "${skipped} peers already blocked"
100 fi
101}
102
103function cmd::group::unblock() {
104 local name="" force=false
105
106 while [[ $# -gt 0 ]]; do
107 case "$1" in
108 --name) util::require_flag "--name" "${2:-}" || return 1; name="$2"; shift 2 ;;
109 --force) force=true; shift ;;
110 --help) cmd::group::help; return ;;
111 *) log::error "Unknown flag: $1"; return 1 ;;
112 esac
113 done
114
115 [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
116 group::require_exists "$name" || return 1
117
118 local peers_list=()
119 mapfile -t peers_list < <(group::peers "$name")
120
121 local filtered=()
122 for p in "${peers_list[@]:-}"; do [[ -n "$p" ]] && filtered+=("$p"); done
123 [[ ${#filtered[@]} -eq 0 ]] && log::wg_warning "Group '${name}' has no peers" && return 0
124
125 local count=0 skipped=0
126
127 for peer_name in "${filtered[@]}"; do
128 if cmd::group::_unblock_peer "$peer_name" "$name"; then
129 (( count++ )) || true
130 else
131 (( skipped++ )) || true
132 fi
133 done
134
135 if [[ "$count" -gt 0 ]]; then
136 log::wg_unblock "All peers from ${name} have been unblocked."
137 fi
138
139 if [[ "$skipped" -gt 0 ]]; then
140 log::wg_warning "${skipped} peer(s) remain blocked (blocked directly or by other groups)"
141 fi
142}
143
144function cmd::group::_block_peer() {
145 local peer_name="${1:-}" group_name="${2:-}"
146 if ! group::_peer_exists_check "$peer_name"; then
147 log::wg_warning "Peer '${peer_name}' no longer exists — skipping"
148 return 0
149 fi
150
151 local client_ip
152 client_ip=$(peers::get_ip "$peer_name")
153
154 # Check if already blocked by this group
155 local current_blocked_groups
156 current_blocked_groups=$(block::get_groups "$peer_name")
157
158 local IFS=','
159 for g in $current_blocked_groups; do
160 if [[ "$g" == "$group_name" ]]; then
161 log::wg_warning "${peer_name} — already blocked by group '${group_name}'"
162 return 1
163 fi
164 done
165
166 # Add group to block tracking
167 block::add_group "$peer_name" "$client_ip" "$group_name"
168
169 # Apply fw rules only if peer is still in WG server (not yet blocked)
170 if peers::exists_in_server "$peer_name"; then
171 block::apply_full "$peer_name" "$client_ip"
172 fi
173}
174
175function cmd::group::_unblock_peer() {
176 local peer_name="${1:-}" group_name="${2:-}"
177
178 if ! group::_peer_exists_check "$peer_name"; then
179 log::wg_warning "Peer '${peer_name}' no longer exists — skipping"
180 return 1
181 fi
182
183 # Check if blocked by this group at all
184 if ! block::has_file "$peer_name"; then
185 log::wg_warning "${peer_name} — not blocked"
186 return 1
187 fi
188
189 local current_groups
190 current_groups=$(block::get_groups "$peer_name")
191 if [[ "$current_groups" != *"$group_name"* ]]; then
192 log::wg_warning "${peer_name} — not blocked by group '${group_name}'"
193 return 1
194 fi
195
196 local client_ip
197 client_ip=$(peers::get_ip "$peer_name")
198
199 block::remove_group "$peer_name" "$client_ip" "$group_name"
200
201 if block::is_blocked "$peer_name"; then
202 local groups
203 groups=$(block::get_groups "$peer_name")
204
205 local direct
206 direct=$(block::is_blocked_direct "$peer_name")
207
208 if [[ "$direct" == "true" ]]; then
209 log::wg_warning "${peer_name} — still blocked directly, skipping"
210 else
211 log::wg_warning "${peer_name} — still blocked by group(s): ${groups}, skipping"
212 fi
213
214 return 1
215 fi
216
217 block::restore_peer "$peer_name" "$client_ip"
218 block::remove_file "$peer_name"
219
220 local rule
221 rule=$(peers::get_meta "$peer_name" "rule")
222
223 [[ -n "$rule" ]] && rule::exists "$rule" && \
224 rule::apply "$rule" "$client_ip" "$peer_name"
225}
226
227# ============================================
228# Rule assign
229# ============================================
230
231function cmd::group::rule() {
232 local subcmd="${1:-help}"
233 shift || true
234 case "$subcmd" in
235 assign) cmd::group::rule_assign "$@" ;;
236 *)
237 log::error "Unknown rule subcommand: '${subcmd}'"
238 cmd::group::help
239 return 1
240 ;;
241 esac
242}
243
244function cmd::group::rule_assign() {
245 local name="" rule=""
246
247 while [[ $# -gt 0 ]]; do
248 case "$1" in
249 --name) util::require_flag "--name" "${2:-}" || return 1; name="$2"; shift 2 ;;
250 --rule) util::require_flag "--rule" "${2:-}" || return 1; rule="$2"; shift 2 ;;
251 --help) cmd::group::help; return ;;
252 *) log::error "Unknown flag: $1"; return 1 ;;
253 esac
254 done
255
256 [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
257 [[ -z "$rule" ]] && log::error "Missing required flag: --rule" && return 1
258 group::require_exists "$name" || return 1
259 rule::require_exists "$rule" || return 1
260
261 local peers_list=()
262 mapfile -t peers_list < <(group::peers "$name")
263 [[ -z "${peers_list[0]:-}" ]] && log::wg_warning "Group '${name}' has no peers" && return 0
264
265 group::each_peer "$name" cmd::group::_rule_assign_cb "$rule"
266 log::wg_success "Assigned rule '${rule}' to group '${name}'"
267}
268
269function cmd::group::_rule_assign_cb() {
270 local peer_name="${1:-}" rule="${2:-}"
271 if ! group::_peer_exists_check "$peer_name"; then
272 log::wg_warning "Peer '${peer_name}' no longer exists — skipping"
273 return 0
274 fi
275 load_command rule
276 cmd::rule::assign --name "$rule" --peer "$peer_name"
277}